Modify Generic Column ACL
This modifies generic column ACL, MINE*.SALARY, to add explicit READ and WRITE
access for a given user.
modify acl mine.salary/generic
debby=(y,y,n,n);
Modify ACL for a Catalog
This modifies catalog MYCAT to remove universal READ and group WRITE access.
set acltype catalog;
modify acl mycat/noread nogroupwrite;
Modify Generic ACL for Catalog Entries
This modifies a generic ACL for catalog entries, MYCAT.MY*.CATAMS, to remove
universal READ access.
set acltype catalog;
modify acl my
c=mycat
t=catams/generic noread;
LIST ACL and LIST ACL _ALL_
LIST ACL acl1 acl2... [/options];
LIST ACL _ALL_ [/options];
Lists information about specific ACLs acl1 acl2... where ACL entries acl1 acl2... can be
one-part resource names or two-part (table.column) names. Specifying _ALL_ lists all
existing resource ACLs for which you have control access. Specifying _ALL_ as the table
identifier in a two-part name lists all tables for which the given column is matched.
Specifying _ALL_ as the column identifier in a two-part name lists all columns for which
the given table is matched.
List ACL Options:
GENERIC
Specifies that acl1 acl2 are generic ACLs.
LIBNAME
Identifies the special LIBNAME domain ACL.
C=cat
Identifies the selected ACLs as names of catalog entries from the catalog cat. This value
must be paired with the T= option.
T=type
Identifies the catalog entry type used to qualify the selected ACLs when the C=cat
option is specified.
VERBOSE
Performs the requested table ACL listing, followed by the column ACLs for a specified
table(s). This is equivalent to a LIST ACL table followed by a LIST ACL table._ALL_.
162 Chapter 14 • ACL Security Overview
